Answered by:

XML Encryption Broken - "How To" Published - Impact on WCF / What should we do?

Question

A recent academic article in Journal of the ACM (and published also
here) describes an efficient technique for breaking XML Encryption, based on some discovered issues with cipher block chaining (aka CBC). This looks like the real deal,
and notably affects AES-CBC.

Thus the default WCF security bindings appear to be compromised by this article. I'm concerned that any use of message-level security that uses the default bindings is vulnerable to decryption by a man-in-the-middle or other observers.

What advice does Microsoft have on limiting the attack surface of WCF default bindings to eliminate this vulnerability?

I note that a W3C blog
posting indicates that AES-GCM is perhaps a better choice for effecient and safe symmetric encryption. I believe AES-GCM is available on Windows Vista/7 and Windows Server 2008 / Windows Server 2008 R2 as part of Crypto Next Gen.

is there a way to configure a .NET 3.x or 4.0 WCF Binding to use AES-GCM or another equally effecient non-CBC encryption algorithm?

Answers

Hi Howard - Brent is correct. WCF accepts only signed encrypted messages. I have spoken about this issue with MSRC at length and have concluded that this is not a vulnerability for WCF.Matt Small - Microsoft Escalation Engineer - Forum Moderator

Hi Howard - Brent is correct. WCF accepts only signed encrypted messages. I have spoken about this issue with MSRC at length and have concluded that this is not a vulnerability for WCF.Matt Small - Microsoft Escalation Engineer - Forum Moderator